While a 21 November gaffe by a Boeing employee who, seeking Excel formatting assistance, emailed a spreadsheet containing personal data of 36,000 company employees to his spouse has not led to exposure of the data as of yet, the Seattle-based aerospace company, as required by law, issued a disclosure to Washington State Attorney General Bob Ferguson.
The spreadsheet contained the usual employee information: including full names, places of birth, employee IDs, Social Security numbers, dates of birth and accounting department codes. Some of the data was in hidden columns, the company's deputy chief privacy officer, Marie E. Olson, explained in a 8 February notification letter to AG Ferguson:
“During Boeing's investigation, the employee stated that he sent a spreadsheet with the personal information to his spouse for help with a formatting issue. He did not realise there was sensitive information included on the spreadsheet because that information was contained in hidden columns.”
The company, Olson added, has taken steps to ensure all copies of the spreadsheet have been destroyed – on the employee's computer as well as on his wife's. And both parties confirmed they had not distributed the document.
Boeing employees began receiving notices on 8 February informing them of the breach. The company explained it would begin additional training of individuals in the proper handling of sensitive information and take steps to add controls "to further protect your personal information."
Employees were also provided with a complimentary two-year subscription to a credit monitoring service.